cPanel TSR-2019-0006 Full Disclosure

Phil Hodges

Guest
SEC-499

Summary
Authentication bypass due to variations in webmail username handling.

Security Rating
cPanel has assigned this vulnerability a CVSSv3.1 score of 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description
The process used to normalize and validate webmail account names was not consistent across different authentication subsystems. Because of these discrepancies, authenticated cPanel users could …


Quags

Administrator
Staff member
With this release WebDAV (which includes webdisk) will be re-enabled on InterServer cPanel shared hosting systems. Webdisk has been disabled since Oct 15th approx.
 